If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Somethin wrong is goin on!!

hi everyone

a new kinda virus has affected my computer. Actually i went to site called www.serials.ws for gettin some serials. But, all i got from that site was a GOD DAMN VIRUS.

What it does is, it automatically starts an iexplore.exe i.e. it doesnt open a new internet explorer window but when I press CTRL+ALT+DEL i.e. the Task Manager, i see this process runnin. And it keeps on generatin new processes like that after some time interval. And it only works when i am connected to the internet. So, here's wat it happens:

1. My computer works fine until its connected to internet.
2. After the computer is connected to the internet, the process iexplore.exe starts by itself. Remember, no Explorer windows opens. But, it's listed in the process list in the Task Manager menu. And multiple iexplore.exe processes keeps on starting by itself.
3. To stop it, I either keep on checking from time to time the Task Manager process menu, n terminate the suspected processes(sometimes, i even end up closing the actual iexplore.exe on which i m working!). And if i dont terminate these processes( from Task Manager process menu), after sometime I get a message "The webpage you are viewing is trying to close by itself, Press Yes to continue or No to cancel". So, if I press "yes", one of those iexplore.exe gets terminated but the other iexplore.exe processes are still there. So, its like If I dont terminate the processes from the Task Manager process menu, I keep on getting the dialogue box after some time intervals.
4. And as soon as I disconnect the internet, I no more see this problem.

I dont know whether i was able to completely tell the problem to you, but still i tried my best, and if u want some more clarification, please ask me. And tell me the solution. I'll be really greatful. Coz, if I tell u, the whole above matter, was completed in the fourth attempt....
:-(

I am sure, its somethin related to those URLs, but I didnt had the balls to check them, myself.

I also saw one more thing, my Phishing filter isnt workin. It says " Phishing Filter is not currently available, and cannot check whether this is a suspicious or reported phishing website." I seriously hav no idea, wat the heck is goin on. One more URL I found was "www.popunder.paypopup.com/....."

Whoa, chill out.. first off, you should have posted a warning about that link before posting it (I didn't click it, but apparently it isn't good). Second, what are you worrying about? By the sounds of things, you might have contracted some malware.. in which case you should lookup some spyware removal tools (possibly in our download section) or malware removal tools online.

That's my guess on it, post back if you need further assistance. Oh, and please.. calm down. You'll be alright.

EDIT: Ah, I see you tried that.. Hrmm.. I'll lookup this tool you might have to download that target's the damaged/corrupted files and eliminates them (I just forgot the link).

would you care to tell us your standard security practice ?
what you run, and when ?

and although this thread doesn't cover the Anti-Virus, it does have links to some other tools you may wish to try.........

specifically :

Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
This is software that will stop the bad guys from even getting onto your PC in the first place. Again, it's a free download, and it's a load and forget device, even has auto-update enabled for us really forgetful types.

Prevx http://www.prevx.com/
Another piece of software that detects when the registry is being changed, and will alert you to it, to let you decide whether to allow / disallow.
One tip. suspend Prevx protection when you are loading software, as it will question EVERYTHING that you are doing

55 - I'm fiftyfeckinfive and STILL no wiser,
OLDER yes
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone

but seriously go through your posts and place something like [REMOVE ME] in the middle of the URL so someone doesn't stumble onto this post and visit them by accident. otherwise you are just aiding with the distribution of this malware.

Next I would get an alternative browser (eg: Firefox) and block IE at your firewall to stop it dialing home.

Personaly at this stage I would prefer to go for a full backup / format / reinstall if you are infected with unkown malware - but if thats not an option then get these, update fully and scan

ad-aware
spybot search & destroy

also I would check your hosts file for any 'additions' and you could place the offending urls in there redirected to 127.0.0.1 as an added precaution to them dialing home.

Check your firewall for any other sus traffic and report back

you may also want to post a hi-jack this log for some of the members here to take a look at.

Oh and next time - just pay for the software....and dont give me some BS about "but its too exspensive!" if thats the case dont use it! Would you expect the police to accept the same excuse if you drove off in someone elses car? So what makes this different? And if you insist on pirating software dont broadcast the fact on a security forum - esp not one which has a large amount of software developers ¬_¬